query('SET NAMES UTF8'); } catch (PDOException $e) {
    // NOTE(review): the raw PDOException message is echoed to the client. Driver
    // messages can reveal connection details; log them server-side and show a
    // generic error instead. The trailing string holds only a line break in this
    // listing (its markup appears to have been lost in extraction).
    echo 'Database connection fails: ' . $e->getMessage() . '
';
    exit;
}

// ---- PDO query helpers ------------------------------------------------------
// Each helper prepares $sqlStr on the global $conn and binds $parameter after it
// has been passed through parameterHtmlencode(). Binding protects the values
// only; $sqlStr itself must never be assembled from request data.
// NOTE(review): on failure every helper runs die(print_r($sql->errorInfo())),
// which prints the driver error array into the HTTP response before the script
// terminates. Log the error and return a generic message instead.

// Runs the query and returns the first row as an object (PDO::FETCH_OBJ).
// Returns NULL when the fetched value loosely equals NULL (e.g. no row).
function objsqlRow($sqlStr,$parameter=NULL){
    global $conn;
    $sql = $conn->prepare($sqlStr);
    if ($parameter!=NULL){
        $parameter=parameterHtmlencode($parameter);
        $sql->execute($parameter) or die(print_r($sql->errorInfo()));
    }else{
        $sql->execute() or die(print_r($sql->errorInfo()));
    }
    $rowAll=$sql->fetch(PDO::FETCH_OBJ);
    if ($rowAll!=NULL){
        $row=$rowAll;
        return $row;
    }else{
        return NULL;
    }
}

// Runs the query and returns the first row as an array: numerically indexed
// when $type=='NUM', otherwise associative. Returns NULL when nothing is fetched.
function sqlRow($sqlStr,$parameter=NULL,$type='ASSOC'){
    global $conn;
    $sql = $conn->prepare($sqlStr);
    if ($parameter!=NULL){
        $parameter=parameterHtmlencode($parameter);
        $sql->execute($parameter) or die(print_r($sql->errorInfo()));
    }else{
        $sql->execute() or die(print_r($sql->errorInfo()));
    }
    if ($type=='NUM'){
        $rowAll=$sql->fetch(PDO::FETCH_NUM);
    }else{
        $rowAll=$sql->fetch(PDO::FETCH_ASSOC);
    }
    if ($rowAll!=NULL){
        return $rowAll;
    }else{
        return NULL;
    }
}

// Runs the query and returns all rows (fetchAll), numerically indexed when
// $type=='NUM', otherwise associative. An empty result loosely equals NULL, so
// NULL is returned in that case; callers must check before iterating.
function sqlRowList($sqlStr,$parameter=NULL,$type='ASSOC'){
    global $conn;
    $sql = $conn->prepare($sqlStr);
    if ($parameter!=NULL){
        $parameter=parameterHtmlencode($parameter);
        $sql->execute($parameter) or die(print_r($sql->errorInfo()));
    }else{
        $sql->execute() or die(print_r($sql->errorInfo()));
    }
    if ($type=='NUM'){
        $rowAll=$sql->fetchAll(PDO::FETCH_NUM);
    }else{
        $rowAll=$sql->fetchAll(PDO::FETCH_ASSOC);
    }
    if ($rowAll!=NULL){
        return $rowAll;
    }else{
        return NULL;
    }
}

// Runs the query and returns PDOStatement::rowCount().
// NOTE(review): rowCount() for SELECT statements is driver-dependent — confirm
// the callers only rely on it where the driver in use supports it.
function sqlRowCount($sqlStr,$parameter=NULL){
    global $conn;
    $sql = $conn->prepare($sqlStr);
    if ($parameter!=NULL){
        $parameter=parameterHtmlencode($parameter);
        $sql->execute($parameter) or die(print_r($sql->errorInfo()));
    }else{
        $sql->execute() or die(print_r($sql->errorInfo()));
    }
    return $sql->rowCount();
}

// Runs a statement for its side effect; nothing is returned.
function sqlExc($sqlStr,$parameter=NULL){
    global $conn;
    $sql = $conn->prepare($sqlStr);
    if ($parameter!=NULL){
        $parameter=parameterHtmlencode($parameter);
        $sql->execute($parameter) or die(print_r($sql->errorInfo()));
    }else{
        $sql->execute() or die(print_r($sql->errorInfo()));
    }
}

// Normalises a bind-parameter array before execute():
//   - array value        -> its first element, passed through unencoded
//   - numeric or boolean -> unchanged
//   - NULL or ""         -> NULL
//   - any other value    -> htmlencode() (HTML entities, ENT_QUOTES, UTF-8)
// NOTE(review): this encodes for HTML at storage time, not at output time. The
// stored value is therefore only safe in an HTML body/attribute context, and
// anything wrapped in an array by the caller is stored raw and must be encoded
// or sanitised wherever it is later rendered.
function parameterHtmlencode($parameter){
    $parameter2=array();
    foreach ($parameter as $key => $value) {
        if (is_array($value)){
            // Fields that must not be HTML-encoded are marked by passing an
            // array, e.g. rich-text editor content.
            $parameter2[$key]=$value[0];
        }elseif (is_numeric($value) || is_bool($value)){
            $parameter2[$key]=$value;
        }elseif ($value==NULL || $value==""){
            $parameter2[$key]=NULL;
        }else{
            $parameter2[$key]=htmlencode($value);
        }
    }
    return $parameter2;
}

// Builds a "`col`=:col" list from a comma-separated column list (backticks in
// the input are removed first).
// NOTE(review): the loop header is truncated in this listing (text between
// "$i" and "0?" is missing); restore it from the original file. Column names
// are concatenated into SQL, so they must be fixed names, never request data.
function sqlUpdateString($colSql){
    $colSql=str_replace("`","",$colSql);
    $cu=explode(",",$colSql);
    $colSql="";
    for ($i=0;$i0?",":"")."`".$cu[$i]."`=:".$cu[$i]; }
    return $colSql;
}

// Builds the column list or the placeholder list of an INSERT from a
// comma-separated column list; the visible branch for $mode==1 emits ":col".
// NOTE(review): the loop header and first branch are truncated in this listing;
// restore them from the original file. Column names are concatenated into SQL
// and must be fixed names.
function sqlInsertString($colSql,$mode){
    $colSql=str_replace("`","",$colSql);
    $cu=explode(",",$colSql);
    $colSql="";
    for ($i=0;$i0?",":"")."`".$cu[$i]."`"; }elseif ($mode==1){ $colSql.=($i>0?",":"").":".$cu[$i]; } }
    return $colSql;
}

// Increments the `range` column of $table, optionally restricted by $query.
// NOTE(review): $table and $query are concatenated into the statement and no
// parameters are bound; both must come from trusted code, never from a request.
function sqlSortAdd($table,$query){
    $sqlStr="update `".$table."` set `range`=`range`+1";
    if ($query!=""){
        $sqlStr.=" where ".$query;
    }
    sqlExc($sqlStr,NULL);
}

// Work-around for request values not arriving as variables on "5.30" and later
// (register_globals emulation) ==================================
// NOTE(review): extract() without a flag uses EXTR_OVERWRITE, so every POST,
// GET, COOKIE (and SERVER/FILES/ENV/SESSION) key becomes a variable in this
// scope and replaces any same-named variable that already exists here —
// presumably including $conn and configuration globals set earlier; confirm
// against the include order. Read request data explicitly from $_POST/$_GET
// with validation, and plan the removal of this block together with an audit
// of the pages that depend on the implicit variables.
// NOTE(review): the $HTTP_*_VARS long arrays no longer exist in PHP 5.4+; the
// @ operator only hides the resulting warnings.
if(function_exists('ini_get')) {
    $onoff = ini_get('register_globals');
} else {
    $onoff = get_cfg_var('register_globals');
}
if($onoff != 1) {
    @extract($HTTP_SERVER_VARS, EXTR_SKIP);
    @extract($HTTP_COOKIE_VARS, EXTR_SKIP);
    @extract($HTTP_POST_FILES, EXTR_SKIP);
    @extract($HTTP_POST_VARS, EXTR_SKIP);
    @extract($HTTP_GET_VARS, EXTR_SKIP);
    @extract($HTTP_SESSION_VARS, EXTR_SKIP);
}
if(!ini_get('register_globals')) {
    extract($_POST);
    extract($_GET);
    extract($_SERVER);
    extract($_FILES);
    extract($_ENV);
    extract($_COOKIE);
    if(isset($_SESSION)) {
        extract($_SESSION);
    }
}
//===========================================================

// Start the session
if (!isset($_SESSION)) {
    session_start();
}

// Upload limits
// NOTE(review): 'upload_max_size' does not look like a standard directive (the
// standard name is upload_max_filesize), and post_max_size is not changeable at
// runtime; with @ any failure is silent — set these in php.ini / server config.
@ini_set( 'upload_max_size' , '64M' );
@ini_set( 'post_max_size', '64M');
@ini_set( 'max_execution_time', '3600' );

// If magic_quotes_gpc is on it affects the CKEditor editor by adding escape
// characters automatically, so the slashes are stripped again here.
// NOTE(review): get_magic_quotes_gpc() and each() were removed in PHP 8.0; this
// block only runs on legacy PHP versions.
if (get_magic_quotes_gpc()) {
    // Collect every affected superglobal; they must be taken by reference (&).
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            // Remove the entry affected by magic_quotes_gpc.
            unset($process[$key][$k]);
            if (is_array($v)) {
                // (Original author: "I don't understand this part".) The nested
                // array is re-added under the unslashed key and a reference to it
                // is appended to $process so the while loop visits it later.
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                // Restore the value affected by magic_quotes_gpc.
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}

// Language settings ===============================
// Returns the list of configured languages; each entry is a "|"-separated
// string (three fields in the visible entry).
function languageSet(){
    $nationSet=array();
    $nationSet[0]="繁體中文|TW|webc"; // for a single-language site keep at least one entry; do not delete them all
    //$nationSet[1]="简体中文|CN|webs";
    //$nationSet[2]="English|US|webe";
    return $nationSet;
}

// Whether the site is multi-language (more than one entry in languageSet()).
function isMultiLanguage(){
    $lang=languageSet();
    if (count($lang)>1){return true;}else{return false;}
}

// Builds the language drop-down.
// NOTE(review): the body is truncated in this listing (loop header and markup
// missing); restore it from the original file.
function buildLanguage($nation){
    $lang=languageSet();
    for ($i=0;$i'.$nations[0].''; } }

// Returns the language code of the current page.
// NOTE(review): this definition is truncated in the listing and runs into the
// tail of a different function (one that returns "非正規陣列資料" for
// non-array input); restore both from the original file.
function nation(){ $dir=languageDir(); $lang=languageSet(); for ($i=0;$i" . $sys[1] . "";} return $tmpStr;} else { return "非正規陣列資料"; } }

// Builds CheckBox / Radio inputs.
// Returns an error string when $objType or $objName is empty or $arrVal is not
// an array.
// NOTE(review): the loop that emits the markup is truncated in this listing;
// when restoring it, confirm every value written into the markup is
// HTML-encoded.
function inInputCR($arrVal,$objType,$objName,$defVal=''){
    if (empty($objType)) return "未定義 Type";
    if (empty($objName)) return "未定義 Name";
    if (!is_array($arrVal)) return "非正規陣列資料";
    $tmpStr = "";
    for($i=0;$i " ; }
    return $tmpStr;
}

/* Converts array code(s) to their display string.
   Entry format: value_name */
// $v may be a single code or an array of codes; for an array the matching
// names are joined with $ex. Nothing is returned when $arr is not an array.
function inNumberString($arr,$v,$ex=','){
    $tmpStr = "";
    $arrRow = 0;
    if (is_array($arr)) {
        foreach ($arr as $value) {
            $sys=explode("_",$value);
            if(!is_array($v)){
                if ($sys[0] == $v) {
                    $tmpStr = $sys[1];
                }
            }else{
                foreach($v as $item){
                    if ($sys[0] == $item) {
                        if ($tmpStr!="") { $tmpStr.=$ex; }
                        $tmpStr.=inNumberString($arr,$item);
                    }
                }
            }
        }
        return $tmpStr;
    }
}

// Pagination routine ported from ASP to PHP.
// Emits entries for the 10-page window that contains $PageNumber and replaces
// the "[QueryString]" placeholder with $PageQueryString.
// NOTE(review): the link markup inside the strings is missing from this listing
// (only line breaks and bullets remain). $PageQueryString is substituted into
// the output as-is; presumably it lands inside a URL attribute, so it should be
// URL- and HTML-encoded by the caller — confirm.
function PageNum($PageNumber,$PageCount,$PageQueryString=''){
    $tmpStr="";
    if (is_numeric($PageNumber) && is_numeric($PageCount)) {
        // First page number of the 10-page window containing $PageNumber.
        $PageSection = floor((($PageNumber - 1) / 10)) * 10 + 1;
        /*if ($PageSection > 10) { $tmpStr .= " << "; }*/
        if ($PageCount > 1) {
            for($tmpPage = $PageSection;$tmpPage <=($PageSection +9);$tmpPage++){
                if ($tmpPage > $PageCount) break;
                if ((int)$tmpPage == (int)$PageNumber) {
                    $tmpStr .= "
  • ". $tmpPage . "
  • ";} else{
                    $tmpStr .= "
  • " . $tmpPage . "
  • ";
                }
            }
        }
        /*if ($PageCount > ($PageSection + 10)) { $tmpStr = $tmpStr . " >> "; }*/
        if ($PageQueryString != '') {
            $tmpStr = str_replace("[QueryString]",$PageQueryString,$tmpStr);}
        else{
            $tmpStr = str_replace("[QueryString]","",$tmpStr);
        }
    }
    return $tmpStr;
}

// Pagination module 2.
// Returns the list of page numbers to display: the $displaySize-wide window
// containing $currentPage, clamped to 1..$totalPages. Returns an empty array
// when $totalPages or $displaySize is not positive.
function getPageRange($currentPage, $totalPages, $displaySize = 10) {
    if ($totalPages <= 0 || $displaySize <= 0) {
        return array();
    } elseif ($displaySize > $totalPages) {
        $startPage = 1;
        $endPage = $totalPages;
    } else {
        if ($currentPage % $displaySize === 0) {
            $startPage = $currentPage - $displaySize + 1;
        } else {
            // Step back to the previous multiple of $displaySize.
            while (($currentPage % $displaySize)) {
                --$currentPage;
            }
            $startPage = $currentPage + 1;
        }
        if ($startPage <= 0) {
            $startPage = 1;
        }
        $endPage = $startPage + $displaySize - 1;
        if ($endPage > $totalPages) {
            $endPage = $totalPages;
            $startPage = $endPage - $displaySize + 1;
        }
    }
    return range($startPage, $endPage);
}

// Returns the file extension: "." plus the text after the last dot.
// NOTE(review): the extension is returned exactly as supplied. If this is used
// to name uploaded files, check it against an allow-list before storing —
// verify against the callers.
function getSubName($fileName){
    $tmp=explode(".",$fileName);
    return ".".$tmp[count($tmp)-1];
}

// Random string generator; $max = length of the generated string.
// NOTE(review): mt_srand() is seeded from microtime() and the characters are
// drawn with rand(); neither is a cryptographically secure source. If the
// result is used for passwords, tokens or verification codes, switch to
// random_int() — confirm how callers use it.
function rnd_code($max){
    $new_rnd="";
    $str = "abcdefghijkmnpqrstuvwxyz1234567890";
    $l = strlen($str); // length of the alphabet
    mt_srand((double)microtime()*1000000); // seed the generator
    for($i=0; $i<$max; $i++){
        $num=rand(0,$l-1);
        $new_rnd.= $str[$num];
    }
    return $new_rnd;
}

// Truncates a UTF-8 string that may contain Chinese characters without cutting
// a multi-byte character in half. ASCII bytes count as width 1, multi-byte
// characters as width 2; "..." is appended when the limit is reached.
// NOTE(review): the loop header and the limit test are truncated in this
// listing (text between "$i" and "= $strlen" is missing); restore them from the
// original file.
function cut_str($str, $strlen) {
    // First convert ' ' to a plain space (presumably the non-breaking-space
    // entity in the original file — confirm).
    $str = str_replace(' ', ' ', $str);
    $output_str_len = 0; // accumulated width of the output string
    $output_str = ''; // the truncated string to return
    // Read the source string one character at a time.
    for($i=0; $i= $strlen){ $output_str.="..."; break; }
        // Byte value of the current character.
        $str_bit = ord(substr($str, $i, 1));
        if($str_bit < 128) {
            // Below 128: a single-byte (ASCII) character, width 1.
            $output_str_len += 1;
            $output_str .= substr($str, $i, 1);
        }elseif($str_bit > 191 && $str_bit < 224) {
            // Lead byte 192-223: a 2-byte UTF-8 character, width 2.
            $output_str_len += 2;
            $output_str .= substr($str, $i, 2);
            $i++;
        }elseif($str_bit > 223 && $str_bit < 240) {
            // Lead byte 224-239: a 3-byte UTF-8 character, width 2.
            $output_str_len += 2;
            $output_str .= substr($str, $i, 3);
            $i+=2;
        }elseif($str_bit > 239 && $str_bit < 248) {
            // Lead byte 240-247: a 4-byte UTF-8 character, width 2.
            $output_str_len += 2;
            $output_str .= substr($str, $i, 4);
            $i+=3;
        }
    }
    // When nothing was collected, return the original string.
    return ($output_str == '') ? $str : $output_str;
}

// City / district helpers ==========================================================
// Returns the city name for $num, or "" when no row matches.
function getCity($num){
    $sqlStr="select City from city where num=:num";
    $parameter=array(':num' => $num);
    $row=sqlRow($sqlStr,$parameter);
    if ($row!=NULL){return $row["City"];}else{return "";}
}

// Returns the district name for $num, or "" when no row matches.
function getArea($num){
    $sqlStr="select Area from area where num=:num";
    $parameter=array(':num' => $num);
    $row=sqlRow($sqlStr,$parameter);
    if ($row!=NULL){return $row["Area"];}else{return "";}
}

// Builds the city drop-down list; $num selects the current entry.
// NOTE(review): the echoed option markup is missing from this listing (empty
// strings remain). sqlRowList() returns NULL for an empty result, which this
// foreach does not guard against.
function buildCity($num){
    $sqlStr="select num,City from city order by `num`";
    $rowAll=sqlRowList($sqlStr,NULL);
    foreach ($rowAll as $row){
        if($num!=NULL && $num==$row['num']){
            echo '';
        }else{
            echo '';
        }
    }
}

// Builds the district drop-down list for $cityNum; $num selects the current
// entry. An empty or NULL $cityNum is bound as 0.
// NOTE(review): the echoed option markup is missing from this listing, and the
// foreach is not guarded against the NULL that sqlRowList() returns for an
// empty result.
function buildArea($cityNum,$num){
    $sqlStr="select num,Area from area where city_num=:city_num";
    $parameter=array(':city_num' => ($cityNum!="" && $cityNum!=NULL?$cityNum:0));
    $rowAll=sqlRowList($sqlStr,$parameter);
    foreach ($rowAll as $row){
        if ($num==$row["num"] && $num!=NULL){
            echo '';
        }else{
            echo '';
        }
    }
}

// Front-end: returns the SQL condition fragment restricting rows to the
// current on-sale date window (selltime1 <= today <= selltime2, with
// '0000-00-00' or NULL meaning unbounded). The date comes from the server
// clock plus the global $t_diff offset.
function time_sql(){
    global $t_diff;
    $nowday=date("Y-m-d",time()+$t_diff);
    $tmp=" and ((`selltime1`<='".$nowday."' or `selltime1`='0000-00-00' or `selltime1` is null) and (`selltime2`>='".$nowday."' or `selltime2`='0000-00-00' or `selltime2` is null))";
    return $tmp;
}

// Current date-time ("Y-m-d H:i:s") shifted by the global $t_diff seconds.
function now(){
    global $t_diff;
    return date("Y-m-d H:i:s",time()+$t_diff);
}

// Adds $y years, $m months and $d days to $date and returns "Y-m-d".
function dateAdd($date,$y,$m,$d){
    $years = date("Y",strtotime($date)); // year of $date, format 0000
    $months = date("m",strtotime($date)); // month of $date, format 00
    $days = date("d",strtotime($date)); // day of $date, format 00
    return date("Y-m-d",mktime(0,0,0,$months+$m,$days+$d,$years+$y));
}

// Returns $date in the given date() format (default 'Y-m-d').
function datetype($date,$type='Y-m-d'){
    if ($type==''){$type='Y-m-d';}
    return date($type,strtotime($date));
}

// Returns the date part of a "date time" string (text before the first space).
function time_split($t){
    $tmp=explode(" ",$t);
    return $tmp[0];
}

// Removes carriage returns and replaces line feeds with the string below.
// NOTE(review): the replacement string holds only a line break and spaces in
// this listing; presumably it contained a line-break tag originally — confirm
// against the original file.
function br($word){
    $word=str_replace(chr(13),'',$word);
    return str_replace(chr(10),'
    ',$word);
}

// Rebuilds the current query string without the parameters named in
// $notNeedParameters.
// NOTE(review): this definition is truncated in the listing and runs into the
// tail of kind_sql() (which appends child category numbers recursively);
// restore both from the original file.
function urlQuery($notNeedParameters){
    $query=$_SERVER['QUERY_STRING'];
    if ($query!=""){
        $q=explode("&",$query);
        $query="";
        for ($i=0;$i $root);
    $rowAll=sqlRowList($sqlStr,$parameter);
    if ($rowAll!=NULL){
        foreach($rowAll as $row){
            $tmp.=",".$row["num"].kind_sql($row["num"],$tb);
        }
    }
    return $tmp;
}

// Returns the comma-separated chain of category numbers from the top-level
// ancestor down to $num, following the `root` column recursively.
// NOTE(review): $table is concatenated into the statement; it must be a fixed,
// trusted table name.
function menuRoot($table,$num){
    $sqlStr="select root,kind from `".$table."` where num=:num and root>0";
    $parameter=array(':num'=>$num);
    $row=sqlRow($sqlStr,$parameter);
    if ($row!=NULL){
        return menuRoot($table,$row["root"]).",".$num;
    }else{
        return $num;
    }
}

// Echoes the category menu for $root and recurses into the branch listed in
// $menuRoot (one entry per level), appending the category names to the global
// $menuNavigation breadcrumb.
// NOTE(review): the echoed markup is missing from this listing (empty strings
// remain), and $table is concatenated into the statement; it must be a fixed,
// trusted table name.
function menuRow($nation,$table,$root,$url,$menuRoot,$level=1){
    global $menuNavigation;
    $sqlStr="select num,kind from `".$table."` where root=:root and nation=:nation order by `range`";
    $parameter=array(':root'=>$root,':nation'=>$nation);
    $rowAll=sqlRowList($sqlStr,$parameter);
    if ($rowAll!=NULL){
        foreach($rowAll as $row){
            if ($level==1){
                // apply the level-1 category style
                echo '';
            }elseif ($level==2){
                // apply the level-2 category style
                echo '';
            }elseif ($level==3){
                // apply the level-3 category style (original comment said level 2)
                echo '';
            }
            if (count($menuRoot)>$level-1){
                if ($row["num"]==$menuRoot[$level-1]){
                    $menuNavigation.=($menuNavigation!=""?" / ":"").$row["kind"];
                    menuRow($nation,$table,$row["num"],$url,$menuRoot,$level+1);
                }
            }
        }
    }
}

// Returns the category path for $num ("parent/…kind"), following `root`
// recursively; returns '分類不存在' when the row does not exist.
// NOTE(review): $tb is concatenated into the statement; it must be a fixed,
// trusted table name.
function get_mykind($tb,$num){
    $sqlStr = "select * from `".$tb."` where num=:num";
    $parameter=array(':num' => $num);
    $row=sqlRow($sqlStr,$parameter);
    if($row!=NULL){
        if ($row["root"]>0){return get_mykind($tb,$row["root"])."/
    ".$row["kind"];}
        else{ return $row["kind"];}
    }else{
        return '分類不存在';
    }
}

// Returns column $cu of the row with `num` = $num in table $tb, or "".
// NOTE(review): $cu and $tb are concatenated into the statement inside
// backticks, which are not escaped; both must be fixed, trusted identifiers and
// never taken from a request.
function tb_sql($cu,$tb,$num){
    $sqlStr="select `".$cu."` from `".$tb."` where `num`=:num";
    $parameter=array(':num' => $num);
    $row=sqlRow($sqlStr,$parameter);
    if ($row!=NULL){return $row[$cu];}else{return "";}
}

// Returns the client IP: the first entry of X-Forwarded-For when that header is
// present, otherwise REMOTE_ADDR; "::1" is mapped to "127.0.0.1".
// NOTE(review): X-Forwarded-For is a request header, so unless a trusted
// reverse proxy overwrites it the client chooses its value. The result feeds
// $mangeIP in the back-end access check below and chkDesignIP(), so those IP
// checks are only as trustworthy as this header. Use REMOTE_ADDR, and honour
// X-Forwarded-For only when REMOTE_ADDR is a known proxy address.
function get_myip(){
    if (empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $myip = $_SERVER['REMOTE_ADDR'];
    } else {
        $myip = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
        $myip = $myip[0];
    }
    if ($myip=="::1"){$myip="127.0.0.1";}
    return $myip;
}

// Shows a pop-up message and redirects.
// NOTE(review): this definition is truncated in the listing and runs into the
// tail of another helper that walks $_POST and skips the keys in $noPost
// (apparently re-emitting the values as form fields). When restoring both from
// the original file, confirm $msg, $url and every echoed key/value are encoded
// for the context they are written into.
function scriptMsg($msg,$url){ //彈跳視窗轉址 ?> '; echo '
    '; $AryKey=array(); $value=array(); $i=0; $Ary = $_POST; foreach($Ary as $AryKey[$i]=>$value[$i]){ $chk=true; if (is_array($noPost)){ for ($j=0;$j'; } $i++; } echo ''; echo ''; }

// Returns the `word` column of table `method` for $kind and $nation, or "".
function getMethod($kind,$nation){
    $sqlStr="select word from method where kind=:kind and nation=:nation";
    $parameter=array(':kind' => $kind,':nation' => $nation);
    $row=sqlRow($sqlStr,$parameter);
    if ($row!=NULL){return $row["word"];}else{return "";}
}

// Check whether access to the admin back-end is allowed.
// NOTE(review): the check itself is truncated in this listing; restore it from
// the original file. It takes the client address from get_myip(), which
// prefers the client-supplied X-Forwarded-For header, so an address allow-list
// here is not a sufficient control on its own — the back-end should also
// require authentication.
$chkadminurl=explode("/",$_SERVER['PHP_SELF']);
$allowAdmin=false;
$mangeIP=get_myip();
for ($i=0;$i'; die('您沒有訪問訪問後台的權限!'); exit; } } }

// SQL injection guard ====================================================
// Returns preg_match()'s result for a case-insensitive deny-list of SQL
// keywords and characters.
// NOTE(review): a keyword deny-list rejects legitimate input (any text with an
// apostrophe, "<", "*", or words such as "update" or "into") and is not a
// dependable injection defence; the protection in this file comes from the
// prepared statements with bound parameters. preg_match() expects a string
// subject, so array values must be unpacked before calling this.
function inject_check($sql_str) {
    $match_str='/select|insert|update|delete|script|drop|alter|<|>|\'|\/\*|\*|\.\.\/|\.\/|union|into|--|load_file|outfile/i';
    return preg_match($match_str, $sql_str); // apply the filter
    //return eregi('select|insert|update|delete|script|drop|alter|<|>|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile', $sql_str); // for PHP versions before 5.3 - apply the filter
}

// Front-end: screen POST and GET values with inject_check().
// NOTE(review): the start of this block is truncated in the listing; restore it
// from the original file. In the visible part, the POST loop unpacks one level
// of array values, while the GET loop passes each value straight to
// inject_check() without the is_array() handling; treat both sources the same
// way. Cookies are not screened in the visible code.
$chkinjurl=explode("/",$_SERVER['PHP_SELF']);
$inject_chk=true;
for ($i=0;$i$a[$i]){
        if(is_array($a[$i])) {
            foreach($a[$i] as $value){
                if (inject_check($value)){
                    //scriptMsg("",web_error_url()."?category=input_error");
                    echo "您的資料帶有不安全的內容";
                    exit;
                }
            }
        }else{
            if (inject_check($a[$i])){
                //scriptMsg("",web_error_url()."?category=input_error");
                echo "您的資料帶有不安全的內容";
                exit;
            }
        }
        $i++;
    }
    $i=0;
    $Ary = $_GET;
    foreach($Ary as $AryKey[$i]=>$a[$i]){
        if (inject_check($a[$i])){
            //scriptMsg("",web_error_url()."?category=input_error");
            echo "您的資料帶有不安全的內容";
            exit;
        }
        $i++;
    }
}

// Escapes a string with mysql_real_escape_string().
// NOTE(review): the ext/mysql functions were removed in PHP 7.0 and need a
// mysql_connect() link, while this file talks to the database through PDO;
// callers should use bound parameters via the sql* helpers instead.
function sqlCheck($str){
    return mysql_real_escape_string($str);
}

// Carry search conditions over to the next request =========================================================
// Returns "&name=value" pairs for every non-empty $_REQUEST entry whose
// lower-cased name starts with $key; values are urlencode()d.
// NOTE(review): parameter names are appended without encoding, and values that
// are arrays are not handled. HTML-encode the result when it is written into an
// attribute.
function getRequests($key){
    $att="";
    $AryKey=array();
    $a=array();
    $i=0;
    $Ary = $_REQUEST;
    foreach($Ary as $AryKey[$i]=>$a[$i]){
        if (strtolower(substr($AryKey[$i],0,strlen($key)))==$key){
            if ($a[$i]!=""){
                $att.="&".$AryKey[$i]."=".urlencode($a[$i]);
            }
        }
        $i++;
    }
    return $att;
}

// HTML-entity-encodes $str (ENT_QUOTES, UTF-8).
function htmlencode($str){
    return htmlentities($str,ENT_QUOTES,"UTF-8");
}

// Returns true for a POST request; when $host is true, additionally requires
// the host part of the Referer header to equal HTTP_HOST.
// NOTE(review): the Referer comparison is a same-site hint, not a CSRF
// defence: the header may be absent (then this read raises a notice and the
// request is rejected) or stripped by privacy settings. State-changing forms
// should carry a per-session anti-CSRF token in addition to this check.
function isPost($host=true){
    if (strtoupper($_SERVER['REQUEST_METHOD'])=="POST"){
        if($host){
            $httpReferer=strtolower($_SERVER['HTTP_REFERER']);
            $httpReferer=str_replace('http://','',$httpReferer);
            $httpReferer=str_replace('https://','',$httpReferer);
            $post_arr=explode('/',$httpReferer);
            $httpHost=strtolower($_SERVER['HTTP_HOST']);
            if($httpHost==$post_arr[0]){
                // The POST came from this site itself; guards against remote POSTs.
                return true;
            }else{
                return false;
            }
        }else{
            return true;
        }
    }else{
        return false;
    }
}

// "ACE" (presumably AES) encryption & decryption ===================================================
// Encrypts $str with Rijndael-128 in CBC mode using the constants EnCodeKey
// (key) and DeCodeKey (passed as the IV), and returns it base64-encoded.
// NOTE(review): the IV is a fixed constant, so equal plaintexts always produce
// equal ciphertexts, and there is no integrity check (MAC) on the ciphertext.
// The mcrypt extension was removed from PHP core in 7.2. Migration target:
// an authenticated mode (e.g. openssl AES-GCM or libsodium) with a fresh random
// IV/nonce per message stored alongside the ciphertext.
function encodeStr($str) {
    $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, EnCodeKey, $str, MCRYPT_MODE_CBC, DeCodeKey);
    return base64_encode($encrypted);
}

// Reverses encodeStr(): base64-decodes $str and decrypts it with the same key
// and fixed IV.
// NOTE(review): the result is returned as produced by mcrypt_decrypt();
// presumably it still carries mcrypt's padding bytes — confirm how callers
// compare it. Tampered input is not detected.
function decodeStr($str){
    $encryptedData = base64_decode($str);
    $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, EnCodeKey, $encryptedData, MCRYPT_MODE_CBC, DeCodeKey);
    return $decrypted;
}

// Mail ============================================================
require_once "PHPMailer-master/class.phpmailer.php";

// Sends an HTML mail to $to through SMTP using the $com_* globals.
// Returns NULL on success or "Mailer Error: ..." on failure.
// NOTE(review): $message is sent as HTML, so request-derived text placed in it
// must be HTML-encoded by the caller. In the non-Gmail branch no SMTPSecure is
// set, so whether the session (and the SMTP credentials) is encrypted depends
// on the bundled PHPMailer defaults — confirm and set it explicitly.
function mailSend($subject,$message,$to){
    global $com_name;
    global $com_smtp;
    global $com_mail;
    global $com_smtp_port;
    global $com_smtp_id;
    global $com_smtp_pw;
    global $com_use_gmail;
    $mail= new PHPMailer(); // create the mailer object
    $mail->IsSMTP(); // send via SMTP
    $mail->SMTPAuth = ($com_smtp_id!=""?true:false); // authenticate only when an SMTP account is configured
    if ($com_use_gmail=="Y"){
        // Gmail only works when the host has OpenSSL enabled.
        $mail->SMTPSecure = "ssl"; // Gmail's SMTP host requires an SSL connection
        $mail->Host = "smtp.gmail.com"; // Gmail SMTP host
        $mail->Port = 465; // Gmail SMTP port is 465
    }else{
        $mail->Host = $com_smtp; // SMTP host
        $mail->Port = $com_smtp_port; // SMTP port
    }
    $mail->CharSet = "utf-8"; // mail encoding
    if ($com_smtp_id!=""){
        $mail->Username = $com_smtp_id; // account
        $mail->Password = $com_smtp_pw; // password
    }
    $mail->From = $com_mail; // sender address
    $mail->FromName = $com_name; // sender name
    $mail->Subject = $subject; // mail subject
    $mail->Body = $message; // mail body
    $mail->IsHTML(true); // body is HTML
    //$mail->AddAddress($to, "xxxx"); // recipient address and name
    $mail->AddAddress($to); // recipient address
    if(!$mail->Send()) {
        return "Mailer Error: " . $mail->ErrorInfo;
    } else {
        return NULL;
    }
}

// Designer mode ===============================
// Verifies the client IP (from get_myip()) against the global $designIP.
// NOTE(review): the body is truncated in this listing and runs into the tail of
// a later comment; restore it from the original file. get_myip() prefers the
// client-supplied X-Forwarded-For header, so this check should not be the only
// control in front of designer-mode features.
function chkDesignIP(){
    $ip=get_myip();
    global $WEB_ROOT;
    global $designIP;
    $chk=false;
    for ($i=0;$i必要
require_once "class/photo.php";
$photoClass = new Photo;

// Member related
require_once "class/member.php";
$memberClass = new Member;

// Album related
require_once "class/album.php";
$albumClass = new Album;

// Order related
require_once "class/order.php";
$orderClass = new Order;

// Banner related
require_once "class/banner.php";
$bannerClass = new Banner;
?>